Overview

As VoIP becomes a more popular technology, more and more hackers are attempting to exploit poorly secured VoIP servers. Hackers will scan for open servers and attempt to guess the password for an account on the system. Axon counteracts this by counting the invalid login attempts coming from each IP address. If a single IP address makes more than 15 invalid login attempts with less than 24 hours separating them, Axon will add the IP address to the blacklist and ignore all future requests from that address.

While blocking an IP address based on invalid login attempts allows Axon to combat hackers quickly and without user intervention (a well-written attack could send hundreds of requests every second), it can have some unintended consequences as well. If an IP phone is set up with an invalid password, for instance, it will probably try to re-register once every 10 minutes. After about 3 hours the phone will have made enough failed attempts to get itself banned. If this happens, you may need to manually remove the IP address from the blacklist before the IP phone will be able to connect successfully.
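The counting rule and the misconfigured-phone case above, modelled as an added Python example (not Axon's own code). It assumes that a gap of 24 hours or more between failures restarts the count; the class and function names, the sample address and the start date are made up for illustration.

```python
from datetime import datetime, timedelta

MAX_FAILURES = 15                 # from the page: more than 15 failures triggers a ban
RESET_GAP = timedelta(hours=24)   # from the page: failures less than 24 hours apart


class FailedLoginTracker:
    """Illustrative model of the blacklist rule described above."""

    def __init__(self):
        self.failures = {}        # ip -> (failure count, time of last failure)
        self.blacklist = set()

    def record_failure(self, ip, when):
        """Record one invalid login; return True if the IP is blacklisted."""
        if ip in self.blacklist:
            return True
        count, last = self.failures.get(ip, (0, None))
        # Assumption: a quiet period of 24 hours or more starts a new count.
        if last is not None and when - last >= RESET_GAP:
            count = 0
        count += 1
        self.failures[ip] = (count, when)
        if count > MAX_FAILURES:
            self.blacklist.add(ip)
            return True
        return False

    def unblock(self, ip):
        """Model of manually removing an address from the blacklist."""
        self.blacklist.discard(ip)
        self.failures.pop(ip, None)


def time_until_ban(interval, start=datetime(2024, 1, 1)):
    """How long a device failing once per `interval` lasts before the ban.

    Returns None if the device is never banned (constructed start date).
    """
    tracker = FailedLoginTracker()
    when = start
    for _ in range(1000):
        if tracker.record_failure("192.168.1.100", when):
            return when - start
        when += interval
    return None
```

A phone retrying every 10 minutes reaches its 16th failure 150 minutes after the first one, while a device that fails only once every 24 hours never accumulates enough failures under this reading of the rule.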

In other cases an attacker may not try to guess a password at all, but may instead bombard your system with requests to cause a Denial of Service. This kind of attack uses partial requests to flood the server with incoming data so that the level of service decreases or stops entirely. To stop it, you can manually add the IP address to the blacklist. Most hacking scripts will continue trying the attack for a period of time, but if there is no response they will eventually give up.

Configuration

Configuring the IP blacklist for your system is done from the Web Control panel. To do this, you will need to open the System Settings tab, find the Network Settings section and click on the "Manage IP Blacklist" button. From this interface, you can see what IP addresses are currently blacklisted and block/unblock individual addresses as needed. When adding addresses to the blacklist you should enter the full IP address in numeric form, like "1.2.3.4" or "192.168.1.100".
